﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.SessionState;

namespace WebInvoicingsys
{
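    /// <summary>
    /// Application-level handlers for the invoicing site. Besides the usual ASP.NET
    /// lifecycle events, it runs every POST field and query-string value through the
    /// keyword denylist in <see cref="SqlFilter2"/> and redirects the request to
    /// <c>/default.aspx</c> when a keyword is found.
    /// </summary>
    /// <remarks>
    /// The keyword check is a coarse, defence-in-depth measure only. It matches common
    /// English words ("or", "and", "join", "mid") and therefore rejects ordinary free
    /// text, and a denylist is not a substitute for parameterized queries in the
    /// data-access code, which is where SQL injection must actually be prevented.
    /// </remarks>
    public class Global : System.Web.HttpApplication
    {
        /// <summary>
        /// Keywords looked for by <see cref="SqlFilter2"/>. The list is split once at
        /// type initialisation instead of on every request parameter.
        /// </summary>
        private static readonly string[] FilterWords =
            "and|exec|insert|select|delete|update|chr|mid|master|or|truncate|char|declare|join".Split('|');

        /// <summary>
        /// Redirects the current request to <c>/default.aspx</c> when
        /// <paramref name="tm"/> contains a listed keyword; otherwise does nothing.
        /// </summary>
        /// <param name="tm">A raw request parameter value; may be null.</param>
        private void goErr(string tm)
        {
            if (!SqlFilter2(tm))
            {
                return;
            }

            // Response.Redirect(url) ends the response, which is what stops the
            // parameter loop in Application_BeginRequest after the first hit.
            Response.Redirect("/default.aspx");
        }

        /// <summary>
        /// Returns true when <paramref name="InText"/> contains one of the listed
        /// keywords with a space directly before or after it ("select " or " select").
        /// </summary>
        /// <param name="InText">Text to inspect; null or empty yields false.</param>
        /// <returns>True if a keyword was found, otherwise false.</returns>
        /// <remarks>
        /// Matching is ordinal and case-insensitive. The previous implementation
        /// compared the output of <c>ToLower()</c>, which depends on the thread culture
        /// (for example, "I" does not lower-case to "i" under Turkish cultures), so an
        /// upper-case keyword could slip past the check on such servers.
        /// </remarks>
        public static bool SqlFilter2(string InText)
        {
            if (string.IsNullOrEmpty(InText))
            {
                return false;
            }

            foreach (string keyword in FilterWords)
            {
                bool found =
                    InText.IndexOf(keyword + " ", StringComparison.OrdinalIgnoreCase) >= 0 ||
                    InText.IndexOf(" " + keyword, StringComparison.OrdinalIgnoreCase) >= 0;

                if (found)
                {
                    return true;
                }
            }

            return false;
        }

        /// <summary>
        /// Stores the physical path of the upload directory under the
        /// <c>"webfilepath"</c> application key for later use by pages.
        /// </summary>
        protected void Application_Start(object sender, EventArgs e)
        {
            Application.Add("webfilepath", Server.MapPath("~/upload/"));
        }

        /// <summary>Intentionally empty; kept so the runtime binding is unchanged.</summary>
        protected void Session_Start(object sender, EventArgs e)
        {

        }

        /// <summary>
        /// Runs every POST field except the view-state blob, and every query-string
        /// value, through <see cref="goErr"/>.
        /// </summary>
        /// <remarks>
        /// Only <c>__VIEWSTATE</c> is skipped; other framework fields such as
        /// <c>__EVENTVALIDATION</c> are still scanned. Accessing <c>Request.Form</c>
        /// here reads and parses the posted body for every request, including ones
        /// that never reach a page.
        /// </remarks>
        protected void Application_BeginRequest(object sender, EventArgs e)
        {
            // POST parameters; the indexer already returns a string, and the filter
            // tolerates null, so no ToString() call is needed.
            foreach (string key in Request.Form)
            {
                if (key == "__VIEWSTATE")
                {
                    continue;
                }

                goErr(Request.Form[key]);
            }

            // GET parameters.
            foreach (string key in Request.QueryString)
            {
                goErr(Request.QueryString[key]);
            }
        }

        /// <summary>Intentionally empty; kept so the runtime binding is unchanged.</summary>
        protected void Application_AuthenticateRequest(object sender, EventArgs e)
        {

        }

        /// <summary>Intentionally empty; unhandled exceptions fall through to the default error handling.</summary>
        protected void Application_Error(object sender, EventArgs e)
        {

        }

        /// <summary>Intentionally empty; kept so the runtime binding is unchanged.</summary>
        protected void Session_End(object sender, EventArgs e)
        {

        }

        /// <summary>Intentionally empty; kept so the runtime binding is unchanged.</summary>
        protected void Application_End(object sender, EventArgs e)
        {

        }
    }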
}